Acuity, a federal contractor that works with U.S. government agencies, has confirmed that hackers breached its GitHub repositories and stole documents containing old and non-sensitive data.
GitHub comments abused to push malware via Microsoft repo URLs
A GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with a Microsoft repository, making the files appear trustworthy.
MITRE says state hackers breached its network via Ivanti zero-days
The MITRE Corporation says that a state-backed hacking group breached its systems in January 2024 by chaining two Ivanti VPN zero-days.
22,500 Palo Alto firewalls "possibly vulnerable" to ongoing attacks
Approximately 22,500 exposed Palo Alto GlobalProtect firewall devices are likely vulnerable to the CVE-2024-3400 flaw, a critical command injection vulnerability that has been actively exploited in attacks since at least March 26, 2024.
Roku warns 576,000 accounts hacked in new credential stuffing attacks
Roku warns that 576,000 accounts were hacked in new credential stuffing attacks after disclosing another incident that compromised 15,000 accounts in early March.
LastPass: Hackers targeted employee in failed deepfake CEO call
LastPass revealed this week that threat actors targeted one of its employees in a voice phishing attack, using deepfake audio to impersonate Karim Toubba, the company's Chief Executive Officer.
185 Hits
Panera Bread's recent week-long outage was caused by a ransomware attack, according to people familiar with the matter and emails.
137 Hits
Visa is warning about a spike in detections for a new version of the JsOutProx malware targeting financial institutions and their customers.
236 Hits
Cancer treatment and research center City of Hope is warning that a data breach exposed the sensitive information of over 820,000 patients.
196 Hits
Threat update
The threat actor TA558 is conducting a phishing campaign targeting various sectors in Latin America, intending to deploy the remote access tool known as Venom RAT. LBT Technology Group encourages organizations to follow the recommendations detailed in this Cybersecurity Threat Advisory to mitigate the potential risk of this campaign.
245 Hits